Sherman's Security Blog
I am Sherman Hand. (also known as Policysup) I have created this blog and will use a part of my day to write about what is going on in the world. I hope to discuss things in a down to earth and practical way. I hope to hear back from you on your thoughts. I do not in any way intend to speak for my employer. The content of this blog will be either opinions that are strictly mine, general observations,re posts, or information that is already in the public domain.

According to a recent study, the overwhelming majority (90 percent) of U.S. federal agencies report feeling vulnerable to data threats.

The survey, conducted by analyst firm 451 Research in collaboration with Vormetric, analyzed the responses of 1,100 senior IT security executives at large enterprises worldwide, including more than 100 U.S. federal government organizations.

The report (PDF) revealed that 61 percent of U.S. federal government organizations had been subject to a data breach in the past, with nearly one in five respondents indicating the breach occurred in the last year.

Although many agencies also noted plans to increase security spending over the next 12 months, the report suggests their budgets may not be properly allocated to prevent the theft of sensitive data.

“The results showed that federal IT security professionals are like generals fighting today’s wars with the weapons of yesterday,” said Garrett Bekker, senior analyst at 451 Research.

U.S. government respondents listed network defenses (53 percent), such as firewalls, intrusion protection systems (IPS) and DLP, as well as analysis and correlation tools (46 percent) as the top categories for increased spending.

Meanwhile, data-in-motion and data-at-rest defenses, such as encryption, were at the bottom of the list in U.S. federal spending plans, with 40 percent and 30 percent, respectively.

“… Spending intentions reflected a tendency to stick with what has worked in the past… Clearly, there’s still a big disconnect between what we are spending the most of our security budget on and what’s needed to ensure that our sensitive data remains secure,” said Bekker.

Other key findings from the study included:

Skill shortages (44 percent) and budget constraints (34 percent) were named the top barriers to the adoption of strong data security.